Job Summary:

The Manager, Data Risk & Security is responsible for supervising a team of RAS professionals in the review, documentation, evaluation and testing of general controls in a wide range of technology environments to analyze system security and access controls, backup recovery procedures and IS organization and administration practices. Additionally, the Manager, Data Risk & Security is charged with managing all aspects of an internal audit, SOX or consulting engagement to include planning, field work, engagement wrap up and report composition, along with providing recommendations regarding client risks. The Manager, Data Risk & Security will also be responsible for providing suggestions to improve the IT and Cybersecurity internal controls of assigned clients.

Job Duties:

• Documents and tests application and automated controls on a wide range of software application packages
• Prepares audit reports and recommendations associated with audit work performed
• Manages Cybersecurity assessment projects and ensures the appropriate risks are addressed
• Participates in the review of internal controls based on Sarbanes-Oxley Act requirements
• Communicates to the client areas to strengthen controls, mitigate risks and/or increase efficiency
• Identifies key risks and assesses their impact and likeliness of occurrence
• Establishes engagement budget, makes pricing scope changes and prepares billings
• Utilizes research tools, databases, and trade publications to develop understanding of client's industry
• Prepares formal and informal presentations for client meetings
• Participates in marketing and business development activities within practice
• Completes research and draft proposals and reports
• Recognizes technical concerns or issues and communicates those concerns with internal and client management
• Plans and executes the audit work on assigned engagements
• Recognizes and validates relevant technical issues and brings them to the attention of client management
• Reviews the work product of staff
• Ensures technology is appropriately integrated into the audit process
• Acts as primary client contact for all questions and issues
• Communicates suggested improvements to processes, controls and risk management capabilities to client management and audit committees
• Analyzes the client's IT and Cybersecurity processes, risk, and controls
• Develops and maintains relationships with client personnel and management
• Documents controls, tests performed and results
• Administers project plans
• Other duties as required

Supervisory Responsibilities:

• Supervises the day-to-day workload of RAS Senior Associates and Associates on assigned engagements and reviews work product
• Ensures RAS Senior Associates and Associates are trained on all relevant software
• Evaluates the performance of RAS Senior Associates and Associates and assists in the development of goals and objectives to enhance professional development
• Delivers periodic performance feedback and completes performance evaluations for RAS Senior Associates and Associates
• Acts as mentor to RAS Senior Associates and Associates, as appropriate
• May act as a Career Advisor to associates or senior associates

Qualifications, Knowledge, Skills, and Abilities:

Education:

• Bachelor's degree in Accounting, Finance, Management Information Systems, or Business Intelligence, required

Experience:

• Five 5) or more years of experience performing Sarbanes-Oxley Readiness services, internal audit, consulting, or risk services as a Technology Subject Matter Expert, required
• Two (2) years of experience within a public accounting firm, preferred
• Experience performing audits of particular industries (manufacturing, retail, distribution, etc.), based upon the RAS practice's need, required
• Prior significant supervisory experience, required
• Experience performing systems audits and audits of application controls, required
• Experience with internal controls including flowcharts, documentation and testing of controls, required
• Experience conducting audit planning, developing audit programs, performing testing, and preparing work papers, required
• Experience performing audits within a public accounting environment, preferred
  

License/Certifications:

• Certificate of Internal Auditor ("CIA"), Certified Public Accountant ("CPA"), Certified Fraud Examiner ("CFE"), Certified Information System Auditor ("CISA"), Certified Information Systems Security Professional ("CISSP"), or equivalent certifications, required

Software:

• Exposure to industry software such as AS400, PeopleSoft, JD Edwards, SAP, Lawson, Oracle Financials, Great Plains, Solomon IV and MAS/90-500, UNIX, OS400 or ERP application software packages, preferred

Language:

• N/A

Other Knowledge, Skills, & Abilities:

• Solid understanding and experience planning and coordinating the stages to perform an audit
• Knowledge of internal accounting controls and professional standards and regulations
• Strong verbal and written communication skills, specifically business / report writing
• Ability to adapt style and messaging to effectively communicate with professionals at all levels both within the client organization and the firm
• Ability to successfully multi-task while working independently and within a group environment
• Superior analytical and diagnostic skills and ability to break down complex issues and implementing appropriate resolutions
• Capable of working in a demanding, deadline driven environment with a focus on details and accuracy
• Solid project management skills
• Sound SOX knowledge and familiarity with SEC and PCAOB reporting rules
• Solid grasp of general IT control concepts
• Understanding of the NIST Cyber Security Framework and/or ISO security standards
• Excellent people development and delegation skills, including training/instruction and engagement scheduling and budgeting
• Executive presence to act as primary contact for clients while preparing and presenting to clients and potential clients
• Capable of resolving complex business issues
• Build and maintain strong relationships with internal and client personnel
• Travel as needed